DETAILED ACTION
Election/Restrictions 

1. Claims 15-23, 25-42 and 52 are withdrawn from further consideration pursuant to 37 
CFR 1.142(b), as being drawn to a nonelected invention, there being no allowable generic or
linking claim. Applicant timely traversed the restriction (election) requirement in the reply filed 
on 07/27/2004. 

2. Applicant's election with traverse of claims 1-14, 24 and 43-51 in the reply filed on 
07/27/2004 is acknowledged. The traversal is on the ground(s) that "the outstanding Restriction 
Requirement has not established that an undue burden would exist if the Restriction Requirement 
was not issued and all the claims were examined together". This is not found persuasive because 
Inventions II and III have utility such as labeling/relabeling a parcel and determining a fraud score for a
transaction, respectively. Because these inventions are distinct for the reasons given above and the
search required for Inventions II and II is not required for Invention I, restriction for
examination purposes as indicated is proper. 

The requirement is still deemed proper and is therefore made FINAL. 

3. Claims 1-14, 24 and 43-51 have been examined. 

Claim Rejections - 35 USC §101 

4. 35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 1, 9 and 43 are rejected under 35 U.S.C. 101 because the claimed invention is
directed to non-statutory subject matter. The claims are directed to a process that does nothing 
more than manipulate an abstract idea. There is no practical application in the technological arts.
All that is necessary to make a sequence of operational steps a statutory process within 35 U.S.C. 
101 is that it be in the technological arts so as to be in consonance with the Constitutional purpose
to promote the progress of "useful arts." In re Musgrave, 431 F.2d 882, 167 USPQ 280 (CCPA
1970). Also, a claim is limited to a practical application when the method, as claimed, produces 
a concrete, tangible and useful result: i.e. the method recites a step or act of producing something 
that is concrete, tangible and useful. See AT&T v. Excel Communications Inc, 172 F.3d at 1358,
50 USPQ2d at 1452.

Claim Rejections - 35 USC § 103 
5. Claims 1-14, 24 and 43-51 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over "An Efficient Fair Payment System" to Camenisch et al. in view of US Publication No. 
2004/0002903 to Stolfo et al. 

Camenisch et al. disclose receiving by a trusted third party from the buyer an indicator
of a payment method and assigning an anonymous identifier to the indicator that corresponds to 
the payment method (see pages 90 & 91, Opening of a Personal Account, Registration at the 
Judge and Payment). Camenisch et al. do not expressly disclose populating by the trusted third 
party a digital repository with data that is associated with the buyer, the data including a buyer 
identification indicator, the indicator of the payment method, and the anonymous identifier, 
purchasing by the buyer a product having a total sale price from a seller, providing by the buyer 
the anonymous identifier to the trusted third party as an anonymous payment method for the 
product, requesting by the seller payment approval by providing the total sale price to the trusted 
third party, querying by the trusted third party to determine the payment method from the 
anonymous identifier received in the providing step, requesting by the trusted third party
payment approval from a payment partner by providing the payment partner a description of the 
payment method determined in the querying step and the total sale price and providing payment 
approval to the seller. Stolfo et al. disclose populating by the trusted third party a digital 
repository with data that is associated with the buyer, the data including a buyer identification 
indicator, the indicator of the payment method, and the anonymous identifier (see paragraph 
[0051] Only the party providing the first party with the transacting identity can link the true 
identity of the first party with the transaction identity. Where a purchase is involved, the bank or 
credit clearing entity stores information linking the true identity of the user and the transaction 
identity. The bank or credit card clearing entity generates these transacting identities for all 
customers who use the inventive system and method, and provides a database linking the 
transacting and true identities.), purchasing by the buyer a product having a total sale price from 
a seller (see paragraph [0035]), providing by the buyer the anonymous identifier to the trusted 
third party as an anonymous payment method for the product (see paragraph [0127]), requesting 
by the seller payment approval by providing the total sale price to the trusted third party (see 
paragraph [0138] The proxy computer software waits for and receives from the second party 
vendor confirmation information that the proxy computer software stores for future reference.
The information includes all identifying information transmitted to the second party vendor as 
well as typically complete list of items ordered from the second vendor.), querying by the trusted 
third party to determine the payment method from the anonymous identifier received in the
providing step (see paragraphs [0140] - [0142] the proxy system passes to the bank the user's 
proxy identifier that allows the bank to identify the user as a bank customer and access the 
customer's account. In an alternative embodiment, the proxy system database may store user
bank account information linked to the proxy identifier, and the proxy system may transmit this
account information), requesting by the trusted third party payment approval from a payment
partner (i.e. other party) by providing the payment partner a description of the payment method 
determined in the querying step and the total sale price and providing payment approval to the 
seller (see paragraphs [0059] & [0060] Approval or disapproval may comprise another party 
providing for approval or disapproval of the purchase. The other party may be a third party who 
approves or disapproves of the purchase based on financial information relating to the first party 
and who also pays the second party and debits the first party if the purchase is approved. The 
other party may arrange with at least a third party to provide for approval or disapproval of the 
purchase.). The process of requesting by the trusted third party approval from a payment partner is an
inherent step. Notice, the "other party" informs the third party if the transaction is approved or
denied, which implies that the third party must have first requested such authorization. At the time
the invention was made, it would have been obvious to a person of ordinary skill in the art to
modify the method disclosed by Camenisch et al to include the steps of populating by the trusted
third party a digital repository with data that is associated with the buyer, the data including a 
buyer identification indicator, the indicator of the payment method, and the anonymous 
identifier, purchasing by the buyer a product having a total sale price from a seller, providing by 
the buyer the anonymous identifier to the trusted third party as an anonymous payment method 
for the product, requesting by the seller payment approval by providing the total sale price to the 
trusted third party, querying by the trusted third party to determine the payment method from the 
anonymous identifier received in the providing step, requesting by the trusted third party 
payment approval from a payment partner by providing the payment partner a description of the
payment method determined in the querying step and the total sale price and providing payment 
approval to the seller. One of ordinary skill in the art would have been motivated to do this 
because it protects a purchaser's identity during electronic commerce transactions, thereby
reducing fraudulent purchases (see Stolfo et al. paragraphs [0030]-[0032]). 

Referring to claims 2, 3, 44 and 45, Camenisch et al. disclose an anonymous payment
method (see claim 1 above). Camenisch et al. do not expressly disclose the payment partner is a 
credit processor that receives credit approval from a credit approval authority or the payment 
partner is a credit approval authority. Stolfo et al. disclose the payment partner is a credit 
processor that receives credit approval from a credit approval authority or the payment partner is 
a credit approval authority (see paragraphs [0070], [0094] and [0143]). At the time the invention 
was made, it would have been obvious to a person of ordinary skill in the art to modify the method
disclosed by Camenisch et al. to include the step wherein the payment partner is a credit processor
that receives credit approval from a credit approval authority or the payment partner is a credit 
approval authority. One of ordinary skill in the art would have been motivated to do this because 
it provides an additional level of security. 

Referring to claims 4 and 46, Camenisch et al. disclose the payment method is at least one of a
credit card, debit card, an e-check, and a direct debit account (see pg. 91, Withdrawal from
Personal Account, and Payment). 

Referring to claims 5-7, 10-12 and 47-49, Camenisch et al. disclose an anonymous
payment method, wherein the anonymous identifier is a unique code (see pg. 90, anonymous 
account mmhQvyA), Camenisch et al. do not expressly disclose the anonymous identifier is 
a nickname or a one-time use code. Stolfo et al. disclose the anonymous identifier is a nickname
and a one-time use code (see paragraph [0047] the user has a different identity for each time it
establishes communication with a second party or for each transaction [0048] the proxy can
provide a user name which is a function of a unique name or proxy identifier of each user and the 
proxy's identity for each transaction). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to modify the method disclosed by Camenisch et al. to
include the step wherein the anonymous identifier is a nickname or a one-time use code. One of
ordinary skill in the art would have been motivated to do this because it protects a purchaser's
identity during electronic commerce transactions, thereby reducing fraudulent purchases (see 
Stolfo et al. paragraphs [0030]-[0032]). 

Referring to claims 8 and 14, Camenisch et al. disclose the anonymous identifier is 
assigned by at least one of the buyer and the seller (see pg. 90, Registration at the Judge, the 
customer must first generate a new anonymous account number 3;^). At the time the invention
was made, it would have been obvious to a person of ordinary skill in the art to modify the method
disclosed by Camenisch et al. to include the step wherein the anonymous identifier is assigned by
at least one of the buyer and the seller. One of ordinary skill in the art would have been
motivated to do this because it protects a purchaser's identity during electronic commerce
transactions, thereby reducing fraudulent purchases (see Stolfo et al. paragraphs [0030]-[0032]). 

Referring to claim 9, Camenisch et al. disclose establishing by a trusted third party for a
buyer a prefunded cash account, assigning an anonymous identifier to the prefunded account (see 
pages 90 & 91, Opening of a Personal Account, Registration at the Judge, Opening of the 
Anonymous Account and Payment). Camenisch et al do not expressly disclose populating by the 
trusted third party a digital repository with data that is descriptive of the buyer, the data including
a buyer identification indicator, the identification indicator for the prefunded cash account and 
the anonymous identifier, purchasing by the buyer a product having a total sale price from a 
seller, providing by the buyer the anonymous identifier to the trusted third party as an 
anonymous payment method for the product, requesting by the seller payment approval by 
providing the total sale price to the trusted third party, querying by the trusted third party to 
determine the payment method from the anonymous identifier received in the providing step, 
requesting by the trusted third party payment approval from a payment partner by providing the 
payment partner a description of the payment method determined in the querying step and the 
total sale price and providing payment approval to the seller. Stolfo et al. disclose populating by the
trusted third party a digital repository with data that is descriptive of the buyer, the data including
a buyer identification indicator, the identification indicator for the prefunded cash account and 
the anonymous identifier (see paragraph [0051] Only the party providing the first party with the 
transacting identity can link the true identity of the first party with the transaction identity. 
Where a purchase is involved, the bank or credit clearing entity stores information linking the 
true identity of the user and the transaction identity. The bank or credit card clearing entity 
generates these transacting identities for all customers who use the inventive system and method, 
and provides a database linking the transacting and true identities.), purchasing by the buyer a
product having a total sale price from a seller (see paragraph [0035]), providing by the buyer the 
anonymous identifier to the trusted third party as an anonymous payment method for the product 
(see paragraph [0127]), requesting by the seller payment approval by providing the total sale 
price to the trusted third party (see paragraph [0138] The proxy computer software waits for and
receives from the second party vendor confirmation information that the proxy computer
software stores for future reference. The information includes all identifying information 
transmitted to the second party vendor as well as typically complete list of items ordered from 
the second vendor.), querying by the trusted third party to determine the payment method from 
the anonymous identifier received in the providing step (see paragraphs [0140] - [0142] the 
proxy system passes to the bank the user's proxy identifier that allows the bank to identify the 
user as a bank customer and access the customer's account. In an alternative embodiment, the 
proxy system database may store user bank account information linked to the proxy identifier, 
and the proxy system may transmit this account information), requesting by the trusted third
party payment approval from a payment partner (i.e. other party) by providing the payment 
partner a description of the payment method determined in the querying step and the total sale 
price and providing payment approval to the seller (see paragraphs [0059] & [0060] Approval or
disapproval may comprise another party providing for approval or disapproval of the purchase. 
The other party may be a third party who approves or disapproves of the purchase based on 
financial information relating to the first party and who also pays the second party and debits the 
first party if the purchase is approved. The other party may arrange with at least a third party to 
provide for approval or disapproval of the purchase.). The process of requesting by the trusted 
third party approval from a payment partner is an inherent step. Notice, the "other party" informs the
third party if the transaction is approved or denied, which implies that the third party must have first
requested such authorization. At the time the invention was made, it would have been obvious to
a person of ordinary skill in the art to modify the method disclosed by Camenisch et al to include the
steps of populating by the trusted third party a digital repository with data that is associated with 
the buyer, the data including a buyer identification indicator, the indicator of the payment
method, and the anonymous identifier, purchasing by the buyer a product having a total sale 
price from a seller, providing by the buyer the anonymous identifier to the trusted third party as 
an anonymous payment method for the product, requesting by the seller payment approval by 
providing the total sale price to the trusted third party, querying by the trusted third party to 
determine the payment method from the anonymous identifier received in the providing step, 
requesting by the trusted third party payment approval from a payment partner by providing the 
payment partner a description of the payment method determined in the querying step and the 
total sale price and providing payment approval to the seller. One of ordinary skill in the art 
would have been motivated to do this because it protects a purchaser's identity during electronic
commerce transactions, thereby reducing fraudulent purchases (see Stolfo et al. paragraphs 
[0030]-[0032]). 

Referring to claim 24, Camenisch et al. disclose means for (the judge's terminal) 
receiving by a trusted third party from the buyer an indicator of a payment method and means
for (i.e. customer's device) assigning an anonymous identifier to the indicator that corresponds to 
the payment method (see pages 90 & 91, Opening of a Personal Account, Registration at the 
Judge and Payment and pg. 93, Implementation). Camenisch et al. do not expressly disclose
means for populating by the trusted third party a digital repository with data that is associated 
with the buyer, the data including a buyer identification indicator, the indicator of the payment 
method, and the anonymous identifier, means for purchasing by the buyer a product having a 
total sale price from a seller, means for providing by the buyer the anonymous identifier to the 
trusted third party as an anonymous payment method for the product, means for requesting by 
the seller payment approval by providing the total sale price to the trusted third party, means for
querying by the trusted third party to determine the payment method from the anonymous 
identifier received in the providing step, means for requesting by the trusted third party payment 
approval from a payment partner by providing the payment partner a description of the payment 
method determined in the querying step and the total sale price and means for providing payment 
approval to the seller. Stolfo et al. disclose means for (i.e. database) populating by the trusted
third party a digital repository with data that is associated with the buyer, the data including a 
buyer identification indicator, the indicator of the payment method, and the anonymous identifier 
(see paragraph [0051] Only the party providing the first party with the transacting identity can 
link the true identity of the first party with the transaction identity. Where a purchase is 
involved, the bank or credit clearing entity stores information linking the true identity of the user 
and the transaction identity. The bank or credit card clearing entity generates these transacting 
identities for all customers who use the inventive system and method, and provides a database 
linking the transacting and true identities.), means (i.e. computer, see paragraph [0045]) for: 
purchasing by the buyer a product having a total sale price from a seller (see paragraph [0035]), 
providing by the buyer the anonymous identifier to the trusted third party as an anonymous 
payment method for the product (see paragraph [0127]), requesting by the seller payment 
approval by providing the total sale price to the trusted third party (see paragraph [0138] The 
proxy computer software waits for and receives from the second party vendor confirmation
information that the proxy computer software stores for future reference. The information 
includes all identifying information transmitted to the second party vendor as well as typically 
complete list of items ordered from the second vendor.), querying by the trusted third party to



Application/Control Number: 09/715,176 Page 12

Art Unit: 3621 

determine the payment method from the anonymous identifier received in the providing step (see 
paragraphs [0140] - [0142] the proxy system passes to the bank the user's proxy identifier that 
allows the bank to identify the user as a bank customer and access the customer's account. In an 
alternative embodiment, the proxy system database may store user bank account information 
linked to the proxy identifier, and the proxy system may transmit this account information), 
requesting by the trusted third party payment approval from a payment partner (i.e. other party) 
by providing the payment partner a description of the payment method determined in the 
querying step and the total sale price and providing payment approval to the seller (see 
paragraphs [0059] & [0060] Approval or disapproval may comprise another party providing for 
approval or disapproval of the purchase. The other party may be a third party who approves or 
disapproves of the purchase based on financial information relating to the first party and who 
also pays the second party and debits the first party if the purchase is approved. The other party 
may arrange with at least a third party to provide for approval or disapproval of the purchase.). 
The process of requesting by the trusted third party approval from a payment partner is an inherent
step. Notice, the "other party" informs the third party if the transaction is approved or denied, which
implies that the third party must have first requested such authorization. At the time the
invention was made, it would have been obvious to a person of ordinary skill in the art to modify the system
disclosed by Camenisch et al to include means for: populating by the trusted third party a digital
repository with data that is associated with the buyer, the data including a buyer identification 
indicator, the indicator of the payment method, and the anonymous identifier, purchasing by the 
buyer a product having a total sale price from a seller, providing by the buyer the anonymous 
identifier to the trusted third party as an anonymous payment method for the product, requesting 
by the seller payment approval by providing the total sale price to the trusted third party,
querying by the trusted third party to determine the payment method from the anonymous 
identifier received in the providing step, requesting by the trusted third party payment approval 
from a payment partner by providing the payment partner a description of the payment method 
determined in the querying step and the total sale price and providing payment approval to the 
seller. One of ordinary skill in the art would have been motivated to do this because it protects a
purchaser's identity during electronic commerce transactions, thereby reducing fraudulent 
purchases (see Stolfo et al. paragraphs [0030]-[0032]). 

Referring to claims 43 and 51, Camenisch et al. disclose receiving by a trusted third party 
from the buyer an indicator of a payment method, assigning an anonymous identifier to the
indicator that corresponds to the payment method and providing by the buyer to the trusted third 
party the anonymous identifier as an anonymous payment method for the product, wherein the 
anonymous identifier is assigned by at least one of the buyer and the trusted third party (see 
pages 90 & 91, Opening of a Personal Account, Registration at the Judge and Payment). 
Camenisch et al. do not expressly disclose assigning by the trusted third party at least one unique
buyer-seller identifier, each corresponding to a unique combination of the buyer and at least one 
sellers, populating by the trusted third party a digital repository with data that is descriptive of 
the buyer, the data including a buyer identification indicator, the indicator of the payment 
method, and the anonymous identifier, and at least one unique buyer-seller identifier, purchasing 
by the buyer a product having a total sale price from a seller, providing by the buyer an
appropriate one of the at least one buyer-seller identifiers to the one of at least one sellers, the 
appropriate one of the at least one unique buyer-seller identifiers corresponding to the buyer and 
the one of the at least seller, requesting by the seller payment approval by providing the total sale
price to the trusted third party, querying by the trusted third party the digital repository to 
determine the payment method from the anonymous identifier received in the providing by the 
buyer to the trusted third party step, requesting by the trusted third party payment approval from 
a payment partner by providing the payment partner the payment method determined in the 
querying step and the total sale price, providing payment approval to the seller, requesting by the 
one of the at least sellers to the trusted third party a communication of a message to the buyer by 
providing the trusted third party the appropriate one of the at least one unique buyer-identifiers 
and forwarding by the trusted third party the message to the buyer by determining an identity of 
the buyer using the appropriate one of the at least one unique buyer-seller identifiers received in 
the requesting step. Stolfo et al. disclose assigning by the trusted third party at least one unique 
buyer-seller identifier, each corresponding to a unique combination of the buyer and at least one
seller (see paragraph [0107] The unique transaction identifier serves to hide the true identity of the
recipient and indexes the transaction. The unique transaction identifier may therefore serve as a 
data to the entire transaction and may be used to store and access transaction data such as
recipient name, address, second party vendor.), populating by the trusted third party a digital 
repository with data that is associated with the buyer, the data including a buyer identification 
indicator, the indicator of the payment method, and the anonymous identifier and at least one
unique buyer-seller identifier (see paragraph [0051] Only the party providing the first party with
the transacting identity can link the true identity of the first party with the transaction identity. 
Where a purchase is involved, the bank or credit clearing entity stores information linking the 
true identity of the user and the transaction identity. The bank or credit card clearing entity
generates these transacting identities for all customers who use the inventive system and method,
and provides a database linking the transacting and true identities.), providing by the buyer an 
appropriate one of the at least one unique buyer-seller identifiers to the one of the at least one 
sellers, the appropriate one of the at least one unique buyer-seller identifiers corresponding to the 
buyer and the one of the at least one seller (see paragraph [0107]; notice, "the unique transaction 
identifier may be linked to a tracking number", which implies that the buyer can provide it to the 
seller for tracking or other purposes), purchasing by the buyer a product having a total sale price 
from a seller (see paragraph [0035]), providing by the buyer the anonymous identifier to the 
trusted third party as an anonymous payment method for the product (see paragraph [0127]), 
requesting by the seller payment approval by providing the total sale price to the trusted third 
party (see paragraph [0138] The proxy computer software waits for and receives from the second 
party vendor confirmation information that the proxy computer software stores for future
reference. The information includes all identifying information transmitted to the second party 
vendor as well as typically complete list of items ordered from the second vendor.), querying by 
the trusted third party to determine the payment method from the anonymous identifier received 
in the providing step (see paragraphs [0140] - [0142] the proxy system passes to the bank the 
user's proxy identifier that allows the bank to identify the user as a bank customer and access the 
customer's account. In an alternative embodiment, the proxy system database may store user 
bank account information linked to the proxy identifier, and the proxy system may transmit this 
account information), requesting by the trusted third party payment approval from a payment 
partner (i.e. other party) by providing the payment partner a description of the payment method
determined in the querying step and the total sale price and providing payment approval to the 
seller (see paragraphs [0059] & [0060] Approval or disapproval may comprise another party
providing for approval or disapproval of the purchase. The other party may be a third party who 
approves or disapproves of the purchase based on financial information relating to the first party 
and who also pays the second party and debits the first party if the purchase is approved. The 
other party may arrange with at least a third party to provide for approval or disapproval of the 
purchase.). The process of requesting by the trusted third party approval from a payment partner is an
inherent step. Notice, the "other party" informs the third party if the transaction is approved or
denied, which implies that the third party must have first requested such authorization. As for the
steps of requesting by one of the at least one sellers to the trusted third party a communication of 
a message to the buyer by providing to the trusted third party the appropriate one of the at least 
one unique buyer-seller identifiers and forwarding by the trusted third party the message to the
buyer by determining an identity of the buyer using the appropriate one of the at least one unique 
buyer-seller identifiers received in the requesting step, Stolfo et al provides a system that allows
the buyer, seller and trusted third party to communicate messages (see paragraph [0045]). Stolfo 
et al. do not explicitly state that communication of the message includes providing one unique
buyer-seller identifiers and using the buyer-seller identifiers received to forward the message.
However, this difference is found in the nonfunctional descriptive material and is not
functionally involved in the steps recited. The requesting and forwarding steps would be 
performed the same regardless of the data. Thus, this descriptive material will not distinguish 
the claimed invention from the prior art in terms of patentability, see In re Gulack, 703 F.2d
1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 
(Fed. Cir. 1994). At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to modify the method disclosed by Camenisch et al to include the steps of
assigning by the trusted third party at least one unique buyer-seller identifier, each corresponding 
to a unique combination of the buyer and at least one sellers, populating by the trusted third party 
a digital repository with data that is descriptive of the buyer, the data including a buyer 
identification indicator, the indicator of the payment method, and the anonymous identifier, and 
at least one unique buyer-seller identifier, purchasing by the buyer a product having a total sale 
price from a seller, providing by the buyer an appropriate one of the at least one buyer-seller 
identifiers to the one of at least one sellers, the appropriate one of the at least one unique buyer- 
seller identifiers corresponding to the buyer and the one of the at least seller, requesting by the 
seller payment approval by providing the total sale price to the trusted third party, querying by 
the trusted third party the digital repository to determine the payment method from the 
anonymous identifier received in the providing by the buyer to the trusted third party step, 
requesting by the trusted third party payment approval from a payment partner by providing the 
payment partner the payment method determined in the querying step and the total sale price, 
providing payment approval to the seller, requesting by the one of the at least sellers to the 
trusted third party a communication of a message to the buyer by providing the trusted third 
party the appropriate one of the at least one unique buyer-identifiers and forwarding by the 
trusted third party the message to the buyer by determining an identity of the buyer using the 
appropriate one of the at least one unique buyer-seller identifiers received in the requesting step. 
One of ordinary skill in the art would have been motivated to do this because it protects a 
purchaser's identity during electronic commerce transactions, thereby reducing fraudulent 
purchases (see Stolfo et al paragraphs [0030]-[0032]). 
Referring to claim 51, Camenisch et al. disclose a method of maintaining anonymity of a 
buyer and receiving proxy information from a buyer (see claim 43 above). Camenisch et al. do 
not expressly disclose receiving by the trusted third party an e-mail address for use in an 
anonymous communications with the at least one sellers, wherein the populating step comprises 
populating the digital repository with the e-mail address, and the message forwarded to the buyer 
is an e-mail message sent to the e-mail address. Stolfo et al. disclose receiving by the trusted 
third party an e-mail address (i.e. electronic address) for use in an anonymous communications 
with the at least one sellers (see paragraph [0057]), wherein the populating step comprises 
populating the digital repository with the e-mail address (see paragraph [0051] Where a purchase 
is involved, the bank or credit clearing entity stores information linking the true identity of the 
user.), and the message forwarded to the buyer is an e-mail message sent to the e-mail address 
(see paragraph [0150] the communications between the first party users and the proxy computer 
can be by e-mail). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is (571)272-6714. The 
examiner can normally be reached on Mondays-Thursdays 8:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on (571)272-6712. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306 for Regular/After 
Final Actions and (571)273-6714 for Non-Official/Draft. 
Abstract 

Many proposed payment systems allow the payer to remain 
anonymous during a transaction. However, this unconditional 
privacy protection could be misused by criminals, e.g. 
for blackmailing or money laundering. With a fair payment 
system, anonymous payments are still possible, but the 
anonymity can be removed with the help of a trusted party 
which need not be involved in the transaction itself. In this 
paper, we present an efficient fair payment system and we 
discuss its security. 

1 Introduction 

Efficient electronic payment systems are an important pre- 
requisite for electronic commerce. The design of such pay- 
ment systems poses many security-related problems. Apart 
from the common security requirements such as the preven- 
tion of frauds, the protection of the participants' privacy is 
an important issue. 

In many systems the protection of the user's privacy relies 
exclusively on administrative and legal measures. Using 
cryptographic tools such as blind signatures [7], it is possible 
to design electronic payment systems that allow participants 
to remain anonymous during a transaction, without 
affecting the security of the system (e.g. [2, 5, 8, 9]). Such 
systems offer an unconditional privacy protection, but they 
can be misused by criminals for perfect blackmailing [17] or 
for money laundering. 

The concept of a fair payment system, independently proposed 
in [3] and [16], offers a compromise between the legitimate 
need of privacy protection and an effective prevention 
of misuse by criminals. On one hand, the customer's privacy 
cannot be compromised by the bank or by the payee. 
On the other hand, there is a trusted third party, called the 

* Supported by the Swiss Federal Commission for the Ad- 
vancement of Scientific Research (KWF) and by the Union Bank 
of Switzerland. 

Permission to make digital/hard copies of all or part of this material for 
personal or classroom use is granted without fee provided that the copies 
are not made or distributed for profit or commercial advantage, the 
copyright notice, the title of the publication and its date appear, and notice is 
given that copyright is by permission of the ACM, Inc. To copy otherwise, 
to republish, to post on servers or to redistribute to lists, requires specific 
permission and/or fee. 
CCS '96, New Delhi, India 
© 1996 ACM 0-89791-829-0/96/03.. $3.50 



judge, which can (in cooperation with the bank) remove the 
anonymity of a transaction if the system is being misused 
by criminals. Furthermore, the trusted third party is not 
involved in the transactions. 

In this paper, we present an efficient fair payment system 
based on the anonymous payment system described in [5]. 
The system is currently realized as a prototype, with the 
customer functionality implemented on smart-cards. 

The basic concepts of fair payment systems are discussed 
in Section 2. The new system is described in Section 3, 
followed by a discussion on its security. Some results on the 
prototype implementation are given in Section 4. Finally, 
in Section 5 we compare our proposal with other existing 
payment systems with similar properties. 



2 Basic Concepts 

An electronic payment system consists of a set of protocols 
between three interacting parties: a bank, a customer (the 
payer), and a shop (the payee). The customer and the shop 
have both an account with the bank. The goal of the system 
is to transfer money in a secure way from the customer's 
account to the shop's account. It is possible to identify three 
different phases: a withdrawal phase involving the bank and 
the customer, a payment phase involving the customer and 
the shop, and a deposit phase involving the shop and the 
bank. In an off-line system, each phase occurs in a separate 
transaction, whereas in an on-line system, such as ours, 
payment and deposit take place in a single transaction involving 
all three parties. 

Bank, shop and customer have different security requirements. 
The bank wants to make sure that for each account 
credited, another account has been debited. The shop, 
receiving a payment, wants to be assured that the bank will 
accept to credit its account with the received amount. Finally, 
the customer wants to be sure that money he¹ has 
withdrawn will be accepted for a payment. Furthermore, 
the customer may require that his privacy be protected. 

Anonymous electronic payment systems (e.g. [2, 5, 8, 9]) 
prevent anybody, including the bank, from violating the 
customer's privacy. Payments are anonymous and differ- 
ent payments of the same customer are unlinkable. This 
is achieved using cryptographic mechanisms such as blind 
signature schemes [4, 7]. 



¹ In this paper the customer is male whereas the judge is female. 

A problem with anonymous payment systems is that they 
could be misused by criminals, e.g. for perfect blackmail- 
ing [17] or for money laundering. This is possible because 
the anonymity of payments prevents the bank from tracing 
money. 

Different measures have been proposed to offer a limited 
protection against this kind of threat. A restriction of the 
maximal possible amount transferred during a transaction 
should make the system unattractive for money laundering. 
However, this is effective only if the number of transactions 
that can be done during a short period of time is limited. 
In the case of blackmailing, a possible measure for systems 
such as [8] would be to stop the system when a withdrawal 
is done under threat, which is unrealistic. 

The concept of fair payment systems² was independently 
proposed in [3] and [16]. A fair payment system, like other 
anonymous payment systems, protects the privacy of the 
customer. But in contrast to payment systems that protect 
the privacy unconditionally, there is an additional, trusted 
party, called the judge. The judge has the following 
attributes: 

• She can remove the anonymity of a transaction in cooperation 
with the bank. This can happen in two different 
ways: Either the bank provides the judge with the data 
of a (suspect) withdrawal and asks for information that 
makes it possible to identify the corresponding deposit (or 
payment), or the bank provides her with data of a (suspect) 
deposit and asks for the corresponding withdrawal. 

• She is only involved during the setup of the system, pos- 
sibly in the opening of accounts, but not in the trans- 
actions. 

• She is trusted only in privacy-related matters, e.g. the 
bank may not trust her about forging money. 

Note that it is possible to share the functionality of the 
judge among several trusted parties (e.g. the trustees in [3]). 

An adequate protection against money laundering is of- 
fered by fair payment systems because it is possible for the 
judge, in cooperation with the bank, to determine the origin 
or the destination of dubious money transfers. 

Fair payment systems also prevent the "perfect crime" 
scenario described in [17], where a customer is blackmailed 
and forced to act as an intermediary between the blackmailer 
and the bank during the withdrawal of money. In a perfectly 
anonymous payment system, the ransom cannot be recog- 
nized later. However, in a fair payment system, the judge 
can trace the blackmailed money. 

3 Description of the Payment System 

The fair payment system presented in this section is based 
on the anonymous payment system of [6]. Let us briefly 
recall its principle. The bank manages two types of accounts: 
personal accounts, of which the owner is known to the bank, 
and anonymous accounts, of which only a pseudonym of the 

² The terminology fair payment system has been actually 
introduced in [6]. It corresponds to the concept of payment systems 
with trustee-based tracing introduced in [3]. 



owner is known. An anonymous payment is simply a transfer 
from a customer's anonymous account to the shop's account. 
The main part of the system consists of an efficient 
method for transferring money from a personal account to 
an anonymous account without revealing the correspondence 
between them. This is realized using an electronic coin that 
can be paid only into a single anonymous account. Therefore 
double-spending of the coin can be prevented by a simple 
counter (instead of maintaining a large database containing 
all spent coins). Furthermore, the perfect unlinkability 
of personal and anonymous accounts is realized by using a 
blind signature scheme. In order to achieve fairness, this 
system is modified in the following way: 

• The judge knows the correspondence between personal 
and anonymous accounts. 

• A coin withdrawn from a personal account can only be 
deposited into a corresponding (i.e. registered) anony- 
mous account. 

The basic idea of the fair payment system presented in 
this paper can be informally described as follows. A pub- 
lic key is associated with each personal account. To open a 
new anonymous account, the customer has to provide a pub- 
lic key which is derived from the public key of his personal 
account. The correspondence between the two keys must be 
registered at the judge. When actually opening the anony- 
mous account, the bank checks whether this registration has 
taken place and whether the public key of the anonymous 
account is correctly constructed. 

Coins withdrawn from the personal account are signed by 
the bank with respect to the public key of the personal ac- 
count. The customer can then derive a valid signature with 
respect to the public key of a corresponding anonymous ac- 
count. Signatures valid for other anonymous accounts can- 
not be derived. 

Because of the registration of corresponding public keys, 
it is possible to trace transactions in cases of money laun- 
dering. Furthermore, tracing is also possible if the customer 
is blackmailed: coins can be paid only into an anonymous 
account that corresponds to the customer's personal account 
(even if the blackmailer opens the anonymous account him- 
self). 

3.1 Protocols 

We now give a detailed description of the system. The 
initialization of the system is divided into three different steps: 
the Opening of a Personal Account (Fig. 1), the Registration 
at the Judge (Fig. 2), and the Opening of an Anonymous 
Account (Fig. 3). 

After the initialization has been completed, money can 
be transferred from a personal account to a corresponding 
anonymous account. This transfer is split into two steps. 
During the Withdrawal from Personal Account (Fig. 4), the 
customer debits his personal account. The withdrawn money 
is paid into the corresponding anonymous account using the 
protocol Deposit into Anonymous Account (Fig. 5). A payment 
to a shop is made as a simple transfer from the 
customer's anonymous account to the shop's account. 

Most of the described protocols need a preceding mutual 
identification of the involved parties by some adequate proto- 
col. However, in some of the protocols the customer must not 






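Bank: $x_P \in_R \mathbb{Z}_q$; $y_P = g^{x_P} h \pmod p$; $s_P = Sig_B(y_P)$ 
Bank → Customer: $x_P$, $s_P$ 
Customer: $y_P = g^{x_P} h \pmod p$; checks $Ver_B(y_P, s_P) = 1$; stores $y_P$, $x_P$ 
Bank: $x_C = (x_P + x_h)^{-1} \pmod q$; stores $y_P$, $x_C$ 

Figure 1: Opening of a Personal Account 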
Figure 2: Registration at the Judge 



be identified, i.e. the Registration at the Judge, the Opening 
of the Anonymous Account, and the Deposit into Anonymous 
Account. 

System parameters 

Let $p$ be a large prime, $q$ a prime divisor of $p - 1$, $g \in \mathbb{Z}_p^*$ of 
multiplicative order $q$, and $\mathcal{H}$ a one-way hash function. The 
computation of the discrete logarithm modulo $p$ to the base 
$g$ is assumed to be intractable. Let $V$ be the set of possible 
transaction values. The bank selects $x_h \in \mathbb{Z}_q$ and $x_v \in \mathbb{Z}_q$ 
for each $v \in V$. The values $h = g^{x_h} \pmod p$ and $\{z_v\}_{v \in V}$ 
with $z_v = g^{x_v} \pmod p$ are public, while $x_h$ and $\{x_v\}_{v \in V}$ are 
kept secret. Let $(Sig_B, Ver_B)$ be a signature scheme of the 
bank. $Sig_B$ is the bank's secret signature generation function 
and $Ver_B$ is the public verification function. The following 
must hold: $\forall m, s : Ver_B(m, s) = 1 \Leftrightarrow s = Sig_B(m)$. Similarly, 
let $(Sig_J, Ver_J)$ be a signature scheme of the judge. 

The concatenation of the strings $\alpha$ and $\beta$ is denoted by 
$\alpha \| \beta$. The expression $\xi \in_R X$ means that $\xi$ is randomly 
chosen from the (finite) set $X$ according to the uniform 
distribution. 

Opening of a Personal Account 

First, the customer identifies himself to the bank. Then the 
protocol in Figure 1 is carried out. The bank chooses $x_P$ at 
random, calculates $y_P$ and sends $x_P$ and a signature of $y_P$ to 
the customer. The public key $y_P$ can be considered as the 
account number of the personal account. The integer $x_P$ can 
be seen as the customer's part of the secret key of $y_P$ while 
$x_C$ is the bank's part of this secret key. 

Registration at the Judge 

In order to open a new anonymous account, the customer 
must first generate a new anonymous account number $y_A$ 
and register the correspondence between $y_A$ and his personal 
account number $y_P$ at the judge. This is accomplished by 
the protocol given in Figure 2. The customer chooses $x_A$ at 
random and sends it together with $y_P$ and $s_P$ to the judge. 
By checking the bank's signature $s_P$ the judge verifies that 
$y_P$ is a valid account number. After having calculated $y_A$ the 
judge sends the customer her signature of it. This signature 
now enables the customer to open the anonymous account. 
The variable $cnt_{A,C}$ is the customer's counter for the number 
of transfers between the accounts $y_P$ and $y_A$. 

Opening of the Anonymous Account 

To open the anonymous account corresponding to $y_A$ the 
customer contacts the bank anonymously. Then the protocol 
in Figure 3 is carried out. This protocol is essentially a 
proof by the customer to the bank that he knows the 
representation of $y_A$ with respect to $g$ and $h$, i.e. that he knows 
$\epsilon_1, \epsilon_2 \in \mathbb{Z}_q$ with $y_A = g^{\epsilon_1} h^{\epsilon_2}$ (see [1], section 8). By 
checking the validity of $s_A$, the bank verifies indirectly that the 
judge knows the personal account number corresponding to 
$y_A$ and vice versa. The variable $cnt_{A,B}$ is the bank's counter 
for the number of deposits into the anonymous account $y_A$. 
The customer no longer needs to store $s_A$ at the end of 
this step. 

Figure 3: Opening of the Anonymous Account 

Bank and customer also agree on some form of future au- 
thentication for the customer as the owner of this anonymous 
account. 

Withdrawal from Personal Account 

After having opened the anonymous account the customer 
can transfer money to it. To do so he first withdraws money 
from his personal account $y_P$. After he is identified by the 
bank as the owner of the account, bank and customer execute 
the protocol as indicated in Figure 4. It is a protocol to 
blindly obtain a Schnorr signature [15] $(s', c)$ of the message 
$y_A \| cnt_{A,C}$ for the public key $z_v$ with respect to the base $y_P$. 
Before the customer can pay the withdrawn money into his 
anonymous account, he must transform the obtained signature 
into one with respect to the base $y_A$. This can be done 
by simply multiplying $s'$ by $x_A^{-1}$. Thus the pair $(s, c)$ is the 
signature of the message $y_A \| cnt_{A,C}$ for the public key $z_v$ 
with respect to the base $y_A$. The corresponding verification 
equation is: 

$$c = \mathcal{H}(t \| y_A \| cnt_{A,C}) \quad \text{where } t = y_A^{s} z_v^{c} \pmod p.$$ 

Deposit into Anonymous Account 

The protocol given in Figure 5 allows the customer to deposit 
the withdrawn money into the appropriate anonymous 
account. For this protocol there is no need for the bank to 
identify the customer. 
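
The withdrawal, re-basing and deposit checks described above can be exercised end to end; the following Python sketch is an added illustration, not code from the paper or its prototype. The message flow of Figure 4 is not reproduced on this page, so a standard blind Schnorr exchange is assumed, chosen to match the relations the text states ($y_A = y_P^{x_A}$, $t = y_A^s z_v^c$, $\alpha = c - \tilde{c}$, $\beta = s x_A - \tilde{s}$) together with $y_P = g^{x_P} h$; the toy group, the hash encoding, the counter start value of 0 and all function names are assumptions, and the signatures $Sig_B$ and $Sig_J$ are omitted.

```python
import hashlib
import secrets

def is_prime(n):  # deterministic Miller-Rabin, valid for n < 3e23
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Constructed toy group, far too small for real use: p = 2q + 1, g of order q.
Q = next(q for q in range(2**64 + 1, 2**65, 2) if is_prime(q) and is_prime(2 * q + 1))
P, G = 2 * Q + 1, 4

def H(t, y_a, cnt):
    """H(t || y_A || cnt) reduced mod q; this string encoding is an assumption."""
    digest = hashlib.sha256(f"{t}|{y_a}|{cnt}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def rand_exp():
    return secrets.randbelow(Q - 1) + 1  # uniform in [1, q-1]

def withdraw(bank_key, y_p, y_a, x_a, z_v, cnt):
    """Assumed blind Schnorr flow; bank_key = log of z_v to the base y_P."""
    r = rand_exp()                                   # bank: commitment
    t_tilde = pow(y_p, r, P)
    alpha, beta = rand_exp(), rand_exp()             # customer: blinding
    t = t_tilde * pow(z_v, alpha, P) * pow(y_p, beta, P) % P
    c = H(t, y_a, cnt)
    c_tilde = (c - alpha) % Q
    s_tilde = (r - c_tilde * bank_key) % Q           # bank: response
    s_prime = (s_tilde + beta) % Q                   # customer: (s', c), base y_P
    s = s_prime * pow(x_a, -1, Q) % Q                # re-based to y_A = y_P^x_A
    return (c, s, cnt), (t_tilde, c_tilde, s_tilde)  # coin, bank's view

def verify(coin, y_a, z_v):
    c, s, cnt = coin
    t = pow(y_a, s, P) * pow(z_v, c, P) % P          # t = y_A^s z_v^c
    return c == H(t, y_a, cnt)

def deposit(counters, coin, y_a, z_v):
    """Bank side (assumed): accept only the next counter value for y_A."""
    if coin[2] != counters.get(y_a, 0) or not verify(coin, y_a, z_v):
        return False
    counters[y_a] = coin[2] + 1
    return True

def view_matches(view, coin, x_a, y_p, y_a, z_v):
    """alpha, beta that pair a withdrawal view with a deposited coin."""
    (t_tilde, c_tilde, s_tilde), (c, s, cnt) = view, coin
    alpha, beta = (c - c_tilde) % Q, (s * x_a - s_tilde) % Q
    t = t_tilde * pow(z_v, alpha, P) * pow(y_p, beta, P) % P
    return c == H(t, y_a, cnt)

def demo():
    x_h, x_v = rand_exp(), rand_exp()
    h, z_v = pow(G, x_h, P), pow(G, x_v, P)
    x_p = rand_exp()
    while (x_p + x_h) % Q == 0:
        x_p = rand_exp()
    y_p = pow(G, x_p, P) * h % P                     # personal account number
    x_c = pow(x_p + x_h, -1, Q)                      # kept by the bank
    x_a = rand_exp()
    x_a2 = x_a % (Q - 1) + 1                         # a different second account
    y_a, y_a2 = pow(y_p, x_a, P), pow(y_p, x_a2, P)
    key = x_v * x_c % Q                              # y_P^key = z_v
    coin0, view0 = withdraw(key, y_p, y_a, x_a, z_v, 0)
    coin1, view1 = withdraw(key, y_p, y_a, x_a, z_v, 1)
    counters = {}
    return {
        "valid": verify(coin0, y_a, z_v),
        "other_account": verify(coin0, y_a2, z_v),
        "first_deposit": deposit(counters, coin0, y_a, z_v),
        "replay": deposit(counters, coin0, y_a, z_v),
        "second_deposit": deposit(counters, coin1, y_a, z_v),
        "cross_pairing": view_matches(view0, coin1, x_a, y_p, y_a, z_v),
    }
```

`demo()` returns a dictionary of checks: the coin verifies only for the registered anonymous account, a replayed coin is rejected by the counter, and the view of one withdrawal can be paired with the coin of another, which is the unlinkability argument of Section 3.2.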

Payment 

When the money has been paid into the anonymous account, 
the customer can use it for a payment. For such a payment, 
the shop, the customer and the bank have to be on-line. 
The customer is identified by the bank as the owner of the 
anonymous account $y_A$. The payment itself is then an on-line 
transaction from account $y_A$ to the shop's account. The 
bank only has to prevent overdraft, i.e. to check on-line the 
balance of the account used for the payment. 

Although the customer's identity is not revealed, the bank 
can still link different transactions when the same anony- 
mous account is used for different payments. However, for 
transactions that should not be linked by the bank, the cus- 
tomer can use different anonymous accounts corresponding 
to the same personal account. 

Removal of the Anonymity 

Since the judge knows the correspondence between personal 
and anonymous accounts, she can at any time find the origin 
or the destination of a transfer, when provided with anony- 
mous or personal account numbers. 

3.2 Security Analysis 

Signature generated during the withdrawal pro- 
tocol 

The bank wants to be sure that the customer, even with 
the help of the judge, is not able to compute a valid coin 
without carrying out the withdrawal protocol. It appears 
to be practically impossible for the customer to generate a 
valid signature without knowing the discrete logarithm of $z_v$ 
to the base $y_A$. In particular, it is easy to see that breaking 
the withdrawal protocol would imply that Okamoto's blind 
version [13] of Schnorr's scheme is insecure. 

Furthermore, it is easy to see that the customer cannot 
compute the discrete logarithm of $z_v$ to the base $y_A$, even 
in collaboration with the judge. The customer has indeed 
proved during the opening of the anonymous account that 
he knows $\epsilon_1$ and $\epsilon_2$ with $y_A = g^{\epsilon_1} h^{\epsilon_2} \pmod p$. Assume 
furthermore that he can determine the discrete logarithm 
of $z_v$ to the base $y_A$. This means that he has an algorithm 
allowing, on input $h, z_v$, to compute $\epsilon_1, \epsilon_2, \epsilon_3$ with 
$y_A = g^{\epsilon_1} h^{\epsilon_2} \pmod p$ and $z_v = y_A^{\epsilon_3} \pmod p$. This implies that, 
for given $g, h, z_v$, he has a procedure to find $\delta_1, \delta_2, \delta_3 \in \mathbb{Z}_q$ 
with $1 = g^{\delta_1} h^{\delta_2} z_v^{\delta_3} \pmod p$. However, the existence of such 
a procedure is known to be equivalent to the existence of an 
algorithm solving the discrete logarithm problem [1]. 
Figure 4: Withdrawal from Personal Account 

Figure 5: Deposit into Anonymous Account 



Multiple payments 

Because the electronic coin contains the anonymous account 
number, the customer cannot pay the same coin into different 
anonymous accounts. The counters $cnt_{A,C}$ and $cnt_{A,B}$ 
guarantee that the customer cannot deposit the same coin 
more than once into the same account. 

Modification of the transfer value 

The system should prevent a dishonest customer from withdrawing 
an electronic coin of value $v$ and transforming it 
into a coin of value $v' > v$. This would be possible if the 
customer was able to compute the discrete logarithm of $z_{v'}$ 
to the base $z_v$; however, this is assumed to be an intractable 
problem. There seems to be no other way to modify the 
value of a given electronic coin. 

Unlinkability of withdrawal and deposit 

Obviously, unlinkability between the withdrawal from the 
personal account and the deposit into the anonymous account 
can be achieved only if many transactions (of each 
transaction value) take place. Additionally, the following 
has to be satisfied: First, it must not be possible for the 
bank to link transactions by analyzing the time they have 
taken place. Therefore, the customer should choose the 
period of time between withdrawal and deposit appropriately. 
Second, the bank's view of two corresponding transactions 
must be unlinkable. This is fulfilled because for 
each $v \in V$, the random variables View1 = (a%7,j^,f, f,c,s) 
and View2 = $(y_A, s, c, cnt_{A,B})$ are statistically independent: 
For a given pair (View1, View2), let $x_A$ be the discrete 
logarithm of $y_A$ to the base $y_P$, $\alpha = c - \tilde{c} \pmod q$ and 
$\beta = s x_A - \tilde{s} \pmod q$. It is easy to see that this is the 
only possible choice for $\alpha$ and $\beta$ if View1 has to be the 
bank's view during the withdrawal phase corresponding to 
the deposit with bank's view given by View2. It remains 
to show that this choice is always valid, i.e. that we have 
$c = \mathcal{H}(t \| y_A \| cnt_{A,B})$ where $t = \tilde{t} z_v^{\alpha} y_P^{\beta} \pmod p$. The following 
equalities are easy to check: 

$$
\begin{aligned}
\tilde{t}\, z_v^{\alpha}\, y_P^{\beta} &= y_P^{\tilde{s}} z_v^{\tilde{c}}\, z_v^{\alpha}\, y_P^{\beta} \pmod p \\
&= y_P^{\tilde{s}} z_v^{\tilde{c}}\, z_v^{c - \tilde{c}}\, y_P^{s x_A - \tilde{s}} \pmod p \\
&= y_P^{s x_A} z_v^{c} \pmod p \\
&= y_A^{s} z_v^{c} \pmod p
\end{aligned}
$$

and therefore: 

$$\mathcal{H}(t \| y_A \| cnt_{A,B}) = \mathcal{H}(y_A^{s} z_v^{c} \pmod p \,\|\, y_A \| cnt_{A,B}) = c.$$ 

The last equality follows from the fact that (c, 5) is a valid 
signature. 

Cross-payments 

A cross-payment is a transfer from a personal account $y_P$ to 
an anonymous account which is registered at the judge 
to belong to another personal account $y'_P$. To do such a 
cross-payment, it seems necessary that an attacker knows 
the discrete logarithm of $y_P$ to the base $y'_P$, which would 
imply that he knows the secret value $x_h = \log_g h$. But this 
is assumed to be intractable and so cross-payments are not 
possible. 



4 Implementation 

It is essential for the customer that his private data (e.g. 
identification information, or secret encryption key) are 
securely stored and not endangered when carrying out a protocol. 
This becomes even more important if the customer 
wants to be mobile and have access to the network at any 
point, even through untrusted terminals (e.g. shop's terminal). 
To fulfill these requirements, the customer needs 
a portable secure computing device such as a smart-card. 
This device is limited in size, thus its computation power 
and storage capacity are restricted. 

To demonstrate the practicability and efficiency of the fair 
payment system described in this article, we decided to implement 
the customer's functionality on a smart-card (the 
Philips Cryptocard [14] with the 83C852 chip³). To simulate 
a real payment system environment, the implementation 
includes a key management, a mutual authentication 
procedure, and an encryption mechanism (based on the cipher 
IDEA [11]). The implementation allows the customer 
to manage one personal and two anonymous accounts on the 
card. 



5 Related Work 

There exist several other proposals for payment systems 
offering a conditional privacy protection [6, 3, 12] with a 
trusted third party. 

In the anonymous credit card system [12] each customer 
is provided with a personal account and an anonymous ac- 
count on another (Swiss) bank. Anonymous transfers be- 
tween these two accounts are realized using an intermediary, 
called communication exchange. The information needed to 
link personal and anonymous accounts is shared among the 
customer's banks and the communication exchange, i.e. the 
banks have to cooperate with the communication exchange 
to recover this correspondence. 

The first fair payment systems with an "off-line" trusted 
party have been proposed in [3], where unconditionally 
anonymous payment systems [2, 10] are extended by the 
concept of trustee-based tracing. 

³ 8-bit CPU (Intel 8051 family), 6 kByte ROM, 256 Byte RAM, 
2 kByte EEPROM, 1-6 MHz clock frequency. 



Independently, [16] described the concept of fair blind 
signature schemes, which allows a trusted third party to link a 
signed message to the corresponding signature generation 
and vice versa. By replacing the signature scheme it is 
possible to transform unconditionally anonymous payment 
systems into fair payment systems. In [6] two variations of this 
method are described. 



6 Conclusion 

We have presented a new fair payment system. It allows 
customers to perform anonymous payments. However the 
anonymity can be removed on request by a trusted party. We 
believe that this approach offers an acceptable compromise 
between the legitimate right for privacy protection and the 
need for effective methods to prevent criminal misuses of this 
privacy. Furthermore, the efficiency of our proposal makes 
it well suited as a payment system over networks such as 
Internet and for implementations on smart cards. 